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CLAIMS: 



1 . Method of enabling differentiated control point access to services provided by 

a media provision entity in a computing environment (10) having a computer networking 
connectivity model, comprising the steps of: 

providing at least one logical device (24, 26) for a media provision entity (12), 

5 (step 38), and 

providing at least two different sets of permissions in relation to assets (assetl, 
asset2, assets, asset4, assets, asset6) associated with the media provision entity from said 
logical device, (step 40). 

10 2. Method according to claim 1, wherein the sets provide different permissions 

on an asset-by-asset basis. 

3. Method according to claim 1, wherein at least two logical devices are provided 
and a separate set of permissions is provided for each device. 

15 

4. Method according to claim 1, wherein at least two different sets allow at least 
one and the same action on an asset, but provide different results. 

5. Method according to claim 1, wherein the step of providing different sets of 
20 permissions is provided via a content directory service provided in each logical device. 

6. Method according to claim 1, further comprising the steps of registering a 
control point (20) with a security console (22) associated with the media provision entity 
(12), (step 42), and providing the control point with access according to at least one (24; 26) 

25 of the sets of permission. 

7. Method according to claim 6, wherein the control point is provided with 
access according to only one of the sets of permission. 
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8. Method according to claim 6, wherein there are at least two logical devices 
provided and a separate set of permissions is provided for each device and further comprising 
the step of attempting accessing all devices from the control point, (step 46), allowing access 
from one of the devices according to the set of permissions of that device, (step 48), and 

5 returning a fail message to the control point from the other devices, (step 50). 

9. Method according to claim 6, wherein the control point is provided with 
access to both the sets of permission. 

10 10. Method according to claim 9, further comprising the step of only allowing 

access for the set of permissions that are the most extensive. 

11. Method according to claim 9, further comprising the step of allowing access 
based on a logical "or" or "exclusive-or" operation of the sets of permissions. 

15 

12. Method according to claim 1, wherein the computer networking connectivity 
model is UPnP. 

13. Method of providing access to a control point (20) from a media provision 
20 entity (12) in a computing environment (10) having a computer networking connectivity 

model, which entity has at least one logical device (24, 26) providing at least two different 
sets of permissions in relation to assets (assetl, asset2, assets, asset4, asset5, asset6) 
associated with the media provision entity comprising the steps of: 

receiving an access attempt from a control point in all devices, (step 46), 
25 - granting access according to one of the sets of permissions for which the 

control point has received access, (step 48), and 

allowing access to the assets according to the permissions set, (step 50). 

14. Method according to claim 13, wherein the sets provide dijfferent permissions 
30 on an asset-by-asset basis. 

15. Method according to claim 13, wherein there are at least two logical devices, 
where a different set of permissions are associated with each device and the step of allowing 
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access comprises allowing access to the device associated with the set of permissions for 
which access has been granted. 

16. Method according to claim 13, wherein at least two different sets allow at least 
5 one and the same action on an asset, but provide different results. 

17. Apparatus (12) for enabling differentiated control point access to services 
provided in a computing environment (10) having a computer networking connectivity model 
and comprising: 

10 - a number of assets (assetl, asset2, asset3, asset4, assets, asset6), and 

at least one logical device (24, 26) providing at least two different sets of 
pennissions to control points in relation to assets associated with the apparatus. 

18. Apparatus according to claim 17, wherein the sets provide different 
15 permissions on an asset-by-asset basis. 

19. Apparatus according to claim 17, wherein the apparatus comprises at least two 
logical devices where each provides a different set of permissions. 

20 20. Apparatus according to claim 17, wherein at least two different sets allows the 

same action on an asset, but provide different results. 

21. Apparatus according to claim 17, wherein each device is provided with a 
content directory service (28, 32) for identifying assets which can be accessed. 

22. Apparatus according to claim 19, wherein a device for which a control point 
has been provided access is arranged to allow access and the other devices are arranged to 
return a fail message upon a request for access by the control point. 

23. Apparatus according to claim 17, wherein a control point has been allowed 
access according to more than one of the sets of permissions and the apparatus is arranged to 
allow access based on a logical operation of the access rights of the different sets. 
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24. Apparatus according to claim 23, wherein the apparatus is arranged to allow 
access only to the sets of permissions that are the most extensive. 

25. Apparatus according to claim 23, wherein the apparatus is arranged to allow 
5 access based on a logical "or" or "exclusive-or" operation on the sets of permissions. 

26. Apparatus according to claim 17, further comprising a security console (22) 
arranged to allow registration of control points and provide access to the logical devices. 

10 27, Network of computing apparatuses (10) using a computer networking 

connectivity model and comprising: 

at least one control point (20) provided in or for one of the apparatuses of the 

network, 

an apparatus (12) for enabling differentiated control point access to services 
15 and comprising: 

- at least one logical device (24, 26) providing at least two different sets of 
permissions in relation to assets (assetl, asset2, asset3, asset4, asset5, asset6) associated with 
the apparatus, and 

a security console (22) arranged to: 
20 - register a control point in or for one of the logical devices in order to provide 

access for the control point to at least parts of the apparatus for rendering services. 

28. Computer program product (52) for enabling differentiated control point 
access to services provided by a media provision entity in a computing environment having a 

25 computer networking connectivity model, comprising a computer readable medium having 
thereon: 

computer program code means, to make the media provision entity execute, 
when said program is loaded in the media provision entity: 

- provide at least one logical device for a media provision entity, and 
30 - provide at least two different sets of permissions in relation to assets 

associated with the media provision entity from said logical device. 

29. Computer program product (52) for providing access to a control point from a 
media provision entity in a computing environment having a computer networking 
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connectivity model, which entity has at least one logical device providing at least two 
different sets of permissions in relation to assets associated with the media provision entity, 
comprising a computer readable medium having thereon: 

computer program code means, to make the media provision entity execute, 
5 when said program is loaded in the media provision entity: 

- receive an access attempt from a control point in all devices and granting 
access according to one of the sets of permissions for which the control point has received 
access, and 

- allow access to the assets according to the permissions set. 

30. Computer program element for enabling differentiated control point access to 
services provided by a media provision entity in a computing environment having a computer 
networking connectivity' model, said computer program element comprising: 

computer program code means, to make the media provision entity execute, 
when said program element is loaded in the media provision entity: 

- provide at least one logical device for a media provision entity, and 

- provide at least two different sets of permissions in relation to assets 
associated with the media provision entity from said logical device. 

31. Computer program element for providing access to a control point from a 
media provision entity in a computing environment having a computer networking 
connectivity model, which entity has at least one logical device providing at least two 
different sets of permissions in relation to assets associated with the media provision entity, 
said computer program element comprising: 

computer program code means, to make the media provision entity execute, 
when said program element is loaded in the media provision entity: 

- receive an access attempt from a control point in all devices and granting 
access according to one of the set of permissions for which the control point has received 
access, and 

- allow access to the assets according to the permissions set. 



